A new startup called Command Zero has entered the cybersecurity scene with a cloud platform that aims to revolutionize the way investigations are conducted. The company, based in Austin, Texas, is led by co-founder and CEO Dov Yoran, who envisions a future where analysts and threat-hunting teams can perform more consistent and auditable investigations at a faster pace.
Command Zero’s platform streamlines the investigation process by automating many labor-intensive and low-value steps. It plugs into a company’s infrastructure, enables various technology modules, and guides analysts through the investigation by providing context-dependent questions and directing them to relevant data sources. The platform also organizes log information from incidents and utilizes AI to generate consistent investigation reports.
Yoran emphasizes the importance of incorporating expert knowledge and content into the platform to maximize the impact of investigators. By leveraging carefully curated resources, Command Zero aims to help cybersecurity professionals navigate complex investigations more efficiently.
Industry analysts, such as Jon Oltsik from Enterprise Strategy Group, acknowledge the skills gap in the cybersecurity field. While there is a shortage of skilled experts overall, the real challenge lies in finding analysts with the right expertise to effectively investigate incidents. Querying internal data sources, analyzing threat intelligence, and performing digital forensics are advanced skills that many organizations lack or can devote only limited resources to, which makes investigations a time-consuming and challenging process.
Allie Mellen, a principal researcher at Forrester, points out the talent gap in cybersecurity, with many aspiring professionals lacking the necessary knowledge and experience for investigations. As a result, companies often struggle with the investigative phase of incident response, which is crucial for understanding the root cause of security incidents.
Moving forward, Command Zero and similar platforms are exploring the integration of generative AI (GenAI) and large language models (LLMs) to enhance automated investigation systems. While AI and machine learning can assist in various tasks, human judgment remains essential in cybersecurity investigations. Mellen warns against relying too heavily on AI for generating reports, as LLMs may produce excessive text that lacks clarity and conciseness.
Looking ahead, the future of investigation platforms like Command Zero lies in leveraging machine learning models to detect anomalies, extract data from network devices and log files, and convert natural language queries into actionable insights. By combining human expertise with advanced technologies, these platforms aim to streamline investigations and empower cybersecurity professionals to stay ahead of evolving threats.
